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Remarks 

I. Introduction 

This is in response to the final Office Action dated April 20, 2007 and is being 
submitted simultaneously with a Request for Continued Examination pursuant to 37 
C.F.R. § 1.114. 

The Office Action rejected claims 2-3, 5-8, 10, 13-16, and 32-34 under 35 U.S.C. 
§ 102(b) as being anticipated by Trossen et al., Internet Draft "A Dynamic Protocol for 
Candidate Access-Router Discovery" ("Trossen"). Claims 4, 12, and 18-20 were rejected 
under 35 U.S.C. §103(a) as being unpatentable over Trossen, in view of U.S. Patent 
Number 7,065,340 to Einola et al. ("Einola"). Claim 9 was rejected under 35 U.S.C. 
§ 103(a) as being unpatentable over Trossen, in view of U.S. Patent Application 
Publication Number 2004/0123142 to Dubai et al. ("Dubai"). Claims 21, 25, 26, 28, 29, 
and 31 were rejected under 35 U.S.C. § 103(a) as being unpatentable over U.S. Patent 
Number 6,1 19,005 to Smolik ("Smolik"), in view of U.S. Patent Application Publication 
Number 2002/0085514 to Illidge et al. ("Illidge"). Claims 22, 27, and 30 were rejected 
under 35 U.S.C. § 103(a) as being unpatentable over Smolik in view of Illidge, and further 
in view of U.S. Patent Number 6,600,917 to Maupin ("Maupin"). Claim 23 was rejected 
under 35 U.S.C. §103(a) as being unpatentable over Smolik in view of Illidge, and further 
in view of U.S. Patent Number 6,813,357 to Matsuzaki et al. ("Matsuzaki"). Claim 24 
was rejected under 35 U.S.C. §103(a) as being unpatentable over Smolik in view of 
Illidge, and further in view of U.S. Patent Number 6,370,380 to Norefors et al. 
("Norefors"). 

Claims 5 and 13 have been amended in response to the § 102(b) rejection. Claim 
18 has been amended in response to the § 103(a) rejection. Claims 3, 6, and 9 have been 
amended to have the wording consistent with amended claim 5. 

Claims 21-31, and 34 are cancelled herein. Claims 1,11, and 17 have been 
previously cancelled. 
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Independent Claim 5 

The Office Action rejected claim 5 under 35 U.S.C. §102(b) as being anticipated 
by Trossen. 

As discussed in par. [0023] and associated Fig. 3 of the present application, 
applicants address the issue of a "delayed delivery attack". Par. [0023] reads in part: 

One possible attack on the candidate access node discovery 
system by a malicious mobile host is referred to by the 
inventors as a "delayed delivery" attack. This scenario is 
depicted in FIG. 3. In the delayed delivery attack, a 
malicious mobile host delivers the IP address of the 
previous access router to the new access router after 
multiple handoffs rather than a single handoff, resulting in 
incorrect information populating the candidate access node 
table. 

One method to address the delayed delivery attack is for the first access node to 
track the delay between the start of the mobile handoff and the receipt at the first access 
node of a request for verification message from the second access node. If the delay is 
too large, the first access node does not update the candidate access table. 

An embodiment of the invention comprises a method for tracking the delay and a 
method for specifying when the delay is too large. If the delay exceeds a maximum 
value, the first access node will reject the new access node as a candidate access node. A 
problem arises in setting the maximum value. If the value is too large, the probability of 
a delayed attack is increased. If the value is too small, however, there will be excessive 
false rejections since the handoff times may vary with system parameters. In one 
embodiment, the maximum value is set by a threshold value ^threshold, which may be 
configured by a user to accommodate different system parameters. For example, par. 
[0036] of the present application reads in part: "Since the time required for a layer two 
handoff can vary, different threshold values, ^threshold, can be applied for different link 
technologies." 

Applicants further recognize that there is a minimum processing interval required 
for the mobile host to setup communications with the second access point and the second 
access node. This minimum processing interval must explicitly be taken into account 
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when setting ^threshold, which obviously cannot be less than the processing interval. 
Taking into account the processing interval allows a user to better balance the tradeoff 
between probability of delayed attack and number of false rejections. As described in 
par. [0030] of the present application, this processing interval is specified by a "stay 
time" parameter. Par. [0030] reads in part: 



After establishing a key for message authentication, the new 
access router sends a neighbor identification message to the previous 
access router, denoted a "CARD Neighbor ID" message at 513 in FIG. 5. 
The message can preferably contain the above-mentioned ticket issued by 
the previous access router, information identifying the mobile host that 
delivered the ticket and/or the time period that has passed since the 
mobile host connected to the new base station and/or access router 
(otherwise referred to herein as the "stay time"). The new access router 
can also include the new access router's certificate in the message, as 
depicted in the illustrative message format shown in FIG. 6G. 

The stay time is an explicit field in the message shown in Fig. 6G. 

As described in par. [0035] and [0036] of the present application, one 
embodiment uses the stay time and a ticket to define a method for tracking the delay and 
a method for specifying when the delay is too large: 



The access router can check for a possible delayed delivery attack by 
determining the age of the ticket and whether the ticket is too "old." For 
example, the ticket can be judged expired in the following case: 



^current" ^ticket" ^staytime^^threshold 

where T cmreni is the current system time, r t i ck et is the system time when the 
ticket was generated or delivered, and T siayi i me is the mobile host's "stay 
time" contained in the above-mentioned neighbor identification 
message. The left hand of the equation above is a rough approximation of 
the time taken for the layer two handoff for the mobile host between the 
previous base station and the new base station. Since the time required 
for a layer two handoff can vary, different threshold values, Threshold, 
can be applied for different link technology combinations. 



Other embodiments may not use a ticket time. 
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In response to the 35 U.S.C. § 102(b) rejection, independent claim 5 has been 

amended to include the limitation: 

comparing a delay to a configurable threshold value, 
wherein the delay comprises a difference between a current 
system time and a stay time. 

In pg. 4, par. 4, Trossen, on the other hand, reads: 

To further verify the contents of the RI message, the AR 
sends a Geographical Neighbor Exchange (GNE) message 
(see Section 4.6) to the PAR. The GNE includes both the 
new and the previous AP identifiers, API and AP2. PAR 
verifies that API is indeed currently attached via its own 
local PNL entries, and that the MN was recently present . 
PAR replies to NAR, indicating the result of the validation. 
If the report was valid, PPAR updates its own PNL with an 
entry for NAR and AP2. 

The condition "that the MN was recently present" does not provide a mechanism for 
minimizing the probability of a delayed delivery attack and minimizing the number of 
false rejections. 

In order for a claim to be anticipated under 35 U.S.C. §102, each and every 
limitation of the claim must be found either expressly or inherently in a single prior art 
reference. PIN/NIP. Inc. v. Platte Chem. Co. , 304 F.3d 1235, 1243 (Fed. Cir. 2002). 
Since Trossen does not teach the limitation of "comparing a delay to a configurable 
threshold value, wherein the delay comprises a difference between a current system time 
and a stay time", applicants submit that amended claim 5 is allowable. 

Independent claim 5 has also been amended to clarify that the information 
provided to the mobile terminal comprises more than the identification of the first access 
node. This is fully supported by par. [0026], par. [0027], Fig. 5, Fig. 6B, and Fig. 6D. 
Fig. 6B and Fig. 6D show the fields in the CARD CAR Info Rep and CARD Delivery 
Req messages, respectively, received by the mobile from the first access node. In 
addition to the IP address of the first access node, they may contain CAR Info and a 
Ticket. 

Independent claim 5 has been further amended to clarify that the information 
received by the second access node from the mobile terminal comprises information 
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received by the mobile terminal from the first access node. This is fully supported by 
par. [0029], Fig. 5, and Fig. 6E. Par. [0029] reads in part: 

At 510, the mobile host provides the ticket and other useful 
information about the previous attachment point to the new 
access router, in what is denoted a "CARD Prev AP Info" 
message. The message can include, for example and 
without limitation, the previous access router's IP address, 
the previous access router's layer two identifier, etc. An 
illustrative message format is shown in FIG. 6E. 

Independent Claim 13 

The Office Action rejected claim 13 under 35 U.S.C. § 102(b) as being anticipated 
by Trossen. Claim 13 has been amended to include limitations similar to those included 
in claim 5. For reasons similar to those discussed above with respect to claim 5, 
applicants submit that amended claim 13 is allowable. 

Independent Claim 18 

The Office Action rejected claim 18 under 35 U.S.C. § 103(a) as being 

unpatentable over Trossen, in view of Einola. The Office Action cited Einola as 

teaching "information provided by the mobile terminal to the second access node 

comprising a ticket generated by the first access node." The Office Action cited Trossen 

as teaching the other elements of the claim. In response, claim 1 8 has been amended to 

include the limitation of: 

wherein the ticket is utilized by the first and second access 
nodes to compare a delay to a configurable threshold value, 
wherein the delay comprises the difference of a current 
system time minus a time at which the ticket was generated 
minus a stay time. 

As discussed above, this limitation is described in par. [0035] and [0036] of the present 
application. 

Since neither Trossen nor Einola teaches the above limitation, for the reasons 
discussed above, applicants submit that amended claim 18 is allowable. 
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Other Claims 

Claims 2-4, 6-10, and 32 are dependent on claim 5 and are therefore also 
allowable. Claims 12, 14-16, and 33 are dependent on claim 13 and are therefore also 
allowable. Claims 19-20 are dependent on claim 18 and are therefore also allowable. 
In order to expedite prosecution of the application, claims 21-31, and 34 are cancelled. 
However, applicants make no admission concerning the patentability of these claims, and 
reserve the right to pursue them in a continuation. 

No New Matter 

As discussed above, amendments to the claims are fully supported by the 
specification. No new matter has been added. 

Conclusion 

For the reasons discussed above, all pending claims are allowable over the cited 
art. Reconsideration and allowance of all claims are respectfully submitted. 
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